Site Hosting Malware

[prgdod]

Howdy TCH Gurus. It seems my simple website has been compromised and I come to you seeking help. I have tried to delete a few folders thru ftp and cpanel. they will not fully delete. I would like to nuke the whole site and start from scratch to get rid of all the malicious things... As a n00b when it comes to website stuff, is there anything i shouldnt delete? any advice would be appreciated. the site is prgsouth.com but proceed w/ caution

[TCH-Thomas]

I would ask the help desk to remove things not needed, or even reprovision the account, ie set it to the state it was once when you signed up. Link on top of page and in my signature.

 

When that is done, please make sure you do this:

1. use complex passwords, and never reveal it to others.

2. change passwords occasionally(cpanel,database,emails)

3. don't use unsecured scripts on your website

4. don't use full permissions to files/folders

5. take backup of your domain occasionally

6. don't use unsecured applications

[prgdod]

ok i changed all passwords for all the email acct's & cpanel, but do not know where to change/find the database pw. the site was provisioned and i reloaded an older clean backup i had. Worked fine for a day, then the script from the bad guys is back. where is the security hole? the only thing i know is they add a getimage.php file to the images folder.

[TCH-Bruce]

Please open a ticket with the help desk. You may be running an old version of a script that has a security hole in it. Check that any scripts you are running are updated. Make sure none of your folders have -rwx for everyone.

[TCH-Dick]

Sounds like the code is on your database, we will take a look at it now and update your ticket.

 

Well that's no good, you don't have any databases. If you update your ticket with the URL of the page that you are seeing this on, we can review it further.